From: bugzilla-daemon@kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 218648] ext4: previously opened file remains writeable on readonly ext4 filesystem; Data loss.
Date: Thu, 28 Mar 2024 14:55:22 +0000 [thread overview]
Message-ID: <bug-218648-13602-n7LY5ZJJYn@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-218648-13602@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=218648
Theodore Tso (tytso@mit.edu) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tytso@mit.edu
--- Comment #1 from Theodore Tso (tytso@mit.edu) ---
Normally, if there is a file opened for writing when there is an attempt to
remount a file system read-only via a command, e.g., "mount -o remount,ro
/dev/sdc", the remount with fail with EBUSY.
The problem is what should we do if the block device has failed or otherwise
disappeared. In that situation, we can either do absolutely nothing
("errors=continue"), panic and halt the system ("errors=panic"), or remount the
file-system ("errors=remount-ro"). However, what should be done if there is a
file descriptor open for writing?
1) We could fail the remount, which would mean that the file system would
continue to be mounted read/write, which would cause the behavior to devolve to
"errors=continue".
2) We could force the file system to be read-only, but any file descriptors
that are still would be still open --- but attempts to write to the file will
fail with EIO.
We've chosen because it's the best we can do. We can refuse a remount
read-only if it is initiated by the system administrator, if a user yanks the
USB thumb drive out of the laptop, or a terrorist slams a plain into the
machine room at the Pentagon, it's not like the kernel can stop something like
that from happening. ("I'm sorry Hal, I'm afraid I can't allow you to do that
ala the movie "2001: A Spacey Odessey" is not yet a thing; although maybe
sometime soon our AI Overlords will have that power. :-)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
next prev parent reply other threads:[~2024-03-28 14:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-27 9:31 [Bug 218648] New: ext4: previously opened file remains writeable on readonly ext4 filesystem; Data loss bugzilla-daemon
2024-03-28 14:55 ` bugzilla-daemon [this message]
2024-03-29 9:06 ` [Bug 218648] " bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-218648-13602-n7LY5ZJJYn@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@kernel.org \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.